Displaying 11 results from an estimated 11 matches for "idmap_sss".
Did you mean:
idmap_nss
2019 Aug 23
1
Winbind timeouts/hangs(?)
...nny via samba:
> see Red-Hat bug: https://bugzilla.redhat.com/show_bug.cgi?id=1663323
> They no longer support using sssd with winbind.
Yes, I know that discussion, and if you read the corresponding bug
report, the case that was mentioned (which is outdated already, please
look for info on idmap_sss for Samba for combining the two) is if sssd
and winbind run against the same domain and both derive information for
the same user base. There are later bug reports which explicitly state
that the corresponding note, which was added to the documentation at the
beginning of this year, is outdated...
2019 Aug 23
2
Winbind timeouts/hangs(?)
...as I'm not using sssd and winbind for the same authentication domain
(rather, winbind is for a windows domain, sssd for an LDAP-based
authentication domain, and the usernames don't overlap), my only
solution would be to switch to sssd completely, which is definitely
possible thanks to idmap_sss (i.e., there's interoperability between
winbind and sssd when both go against the same domain, as not having any
integration would break all the other Samba services when working with
sssd).
So, anyway, this comment is neither correct (RedHat explicitly states
how to configure winbind/samb...
2019 Jun 25
5
SMB share access for machines which are not joined to the domain?
On 6/25/19 11:21 AM, Gregory Sloop via samba wrote:
> You can always connect to the SMB share using a domain user/password credential set, even if you're not a member of the domain.
> Something like - Connect as: User: "somedomain\pat" with Pat's password.
>
When we try this from a machine that is not connected to the domain,
authentication fails:
2019 Aug 23
0
Winbind timeouts/hangs(?)
...ng sssd and winbind for the same authentication domain
> (rather, winbind is for a windows domain, sssd for an LDAP-based
> authentication domain, and the usernames don't overlap), my only
> solution would be to switch to sssd completely, which is definitely
> possible thanks to idmap_sss (i.e., there's interoperability between
> winbind and sssd when both go against the same domain, as not having
> any integration would break all the other Samba services when working
> with sssd).
>
> So, anyway, this comment is neither correct (RedHat explicitly states
>...
2020 Jun 03
0
net ads status stripped output
...ber attributes to AD ?
> No since we are not using Samba to authenticate any users on the Ubuntu
> machines. We only use Samba to join the computer to the Active Directory
> domain.
Reading between the lines, it sounds like you are using sssd, if so, you
need to configure smb.conf to use idmap_sss and have no shares. You
cannot use sssd with Samba >= 4.8.0 and have shares.
If you are going to use idmap_ad (backend = ad), then you must add
uidNumber and gidNumber attributes to AD
>
>> include = /etc/samba/local_shares.conf
>>
>>> What is in the include fi...
2019 Aug 23
2
Winbind timeouts/hangs(?)
Hey,
Am 23.08.2019 11:13, schrieb L.P.H. van Belle via samba:
> Your where running Debian buster 4.9.5, you could try my 4.9.11/4.10.6
> package of debian sid/testing, its 4.9.11 package.
same behaviour with testing (4.9.11), tested that already. As I already
wrote, I've definitely checked the networking, and that's all fine.
There are no network packets generated by winbind when
2020 Jun 09
1
Virtual IP/netbios name for AD-authenticated shares in failover cluster
Hi Gurus,
I have a simple failover cluster on two SLES 12 SP3 nodes with Samba/winbind for authenticating AD-user access to the shares. The shares are reached through a virtual hostname/IP which differs from the SLES-server itself.
The servers uses SSSD for normal SSH-authentication, also against the same Active Domain.
Here is the problem - if I get Samba/winbind to work with the virtual
2020 Aug 28
3
accessing foreign AD users to NT domain
Rowland penny via samba ha scritto il 27/08/20 alle 16:43:
> [...]
> Netbios is intrinsically tied to SMBv1 and? LLMNR (Link-Local Multicast
> Name Resolution) is also connected in a way, it allows name resolutions
> without a nameserver. So, if you are using it, I personally wouldn't,
> ever heard of MITM ?
Just to understand a little more... NetBIOS with a wins server
2020 Jun 04
1
File server questions
Le jeu. 4 juin 2020 ? 16:48, Rowland penny via samba <samba at lists.samba.org>
a ?crit :
> On 04/06/2020 15:25, mathias dufresne wrote:
> >
> > System users are users which can be used in system side. Typically
> > those in /etc/passwd but for a more generic approach I mean "each and
> > every users available through 'getent passwd [username]'"
2017 May 28
3
Samba 4.4, sssd, adcli; windows hosts cannot authenticate
I'm running samba 4.4.4 on el7. I'm attempting to provide a share
auth by Kerberos or for non-kerberos hosts auth by password on Linux
or Windows (7)
clients.
We have uid/gid/group memberships in AD and typically configure
Linux hosts with a kerberos/sssd/ldap configuration which uses
attributes from AD, but are not joined to domain.
I need to be able to automate the domain join with
2020 Jun 03
8
net ads status stripped output
Hi all,
I have successfully joined a Ubuntu 20.04 (focal) machine to a
Active Directory domain using ADS. Running the `net ads status` command
does not output the information that I expect.
This is an example of running `net ads status` on a Ubuntu 20.04
(focal) machine running Samba version 4.11.6-Ubuntu.
# net ads status
objectClass: top
objectClass: person
objectClass: organizationalPerson